[tor-talk] Adblock Plus and Ghostery should be included in Tor bundle

Sun Feb 12 18:14:21 UTC 2012

On 2/12/2012 10:41 AM, Brian Franklin wrote:
> Unknown makes a good point. The options should be set globally for all users of the Tor Bundle to avoid any profiling. Those who have a need for further configuration do so at their own risk.

Good point.  Originally, at least part of the Tor design was users 
couldn't be tracked from end to end - period.  Nothing about profiling 
based on customization.  Now things have changed - obviously.

A lot of users (apparently) don't want to use TBB in its current default 
state.  That may / may not be good for the crowd and / or them.  I don't 
have enough deep, technical knowledge to say.
One thing I do know, is the internet, trackers, hackers, gov'ts, etc., 
keep discovering new tools & refining ways to track Tor & NON - Tor 
users.  Tor devs constantly have to keep up & try to stay even, if not 
ahead of "the adversaries."  Overall, they do a good job & I'm pretty 
sure all but experienced software devs w/ an excellent knowledge of 
security issues, have no idea how hard this is for Tor devs.

That still leaves the question, should TBB users install addons that 
haven't been explicitly tested & proclaimed "safe" to use w/ TBB (as 
safe as the internet or TBB can reasonably be - NOTHING  is or ever will 
be 100%).  I don't know, but topic probably deserves more "official" 
discussion.

Now that Tor / TBB has become internationally well known, to extent some 
countries already ban it & U.S. (& others) has considered legislation 
that would affect its overall use, the big problem for users may soon 
be, "are you using Tor _at all_," not just, could someone profile you 
from browser / addon settings?

One big question - is it a necessity (no way around it) for sites or 
traffic monitors to see what extensions are installed or other non - 
default TBB settings (other than bare minimum, like browser ver., OS, 
etc.).  I don't understand the problems involved, so I'm asking the 
"stupid" questions on others' behalf.  Why is it necessary that data 
like Ghostery (or many other) extensions are installed, be made 
available to sites from TBB?  Why is it necessary (or is it?) for 
extension devs to write them so that the extension(s) installed are made 
known to sites?

[I'm basing the question on many posts to the list about "if users use 
xyz addon, or change TBB default settings, it's possible to 
"fingerprint" them].
Why does a site have to know WHAT is blocking a tracker beacon or an ad, 
rather than just they ARE blocked?  NoScript is included in TBB w/ all 
scripts allowed in default settings.  So every user has it enabled (by 
default).  There must be an extraordinary # of customization 
possibilities w/ that one extension.  If users blacklist one site in 
NoScript, they're automatically "different."  Cookies are globally 
enabled by default in TBB, so those blocking them are automatically 
different.  Is there more risk to users being profiled as unique, by 
blacklisting ONE site in NoScript (or any other routine changes) than 
there is by installing Ghostery, AdBlock Plus, etc?

Admittedly, I may not  fully understand the problems here.  When any of 
many cookie managers / blockers (aside from native Firefox / Aurora) 
blocks cookies, I don't think the site knows "Cookie Monster is blocking 
cookies," does it?  It just says, "Your browser isn't accepting 
cookies."  Maybe I'm wrong & sites DO know it's Cookie Monster??  But if 
not, seems the same principle would (often) apply to blocking beacons, 
ads & many other things using extensions, would it not?  Using TBB, 
sites don't have your true IP address, true geographical location, etc.  
Why do they need to know which extensions are installed or the settings 
of them?

Don't shoot the messenger - I'm just asking some questions that I 
haven't seen discussed - here - in detail.